A right-of-center Washington think tank has a novel recommendation for how the Trump administration can push back on Russian and Chinese hacking and disinformation campaigns: Strike back with its own information warfare operations.
The United States could hack and release embarrassing information about Russian President Vladimir Putin’s personal wealth, for example, as a bargaining chip to convince him to halt digital attacks against the United States, David Maxwell and Annie Fixler with the Foundation for Defense of Democracies told me.
U.S. officials could also release information about corrupt business practices by Chinese Communist Party officials or Iran’s theocratic rulers with similar goals, Maxwell and Fixler said.
“This generated from our thinking about where our adversaries are weak and we’re strong,” Fixler told me.
The idea, which comes from the think tank's “Midterm Assessment” of the Trump administration’s foreign and national security policies, is aimed at giving the United States more leverage in cyberspace where it is routinely pummeled by adversaries that are highly aggressive and don’t fear U.S. retaliation.
The report may also hold sway with the Trump administration. The Midterm Analysis includes a foreword by Trump’s former national security adviser H.R. McMaster, who says the report “transcended the vitriolic and shallow partisan discourse that dominates much of what passes for commentary on foreign policy and national security.” McMaster is now chairman of the board of advisers at FDD's center on military and political power. The nonprofit think tank, known for its focus on robust American engagement abroad, employs numerous former Republican officials including John Hannah, who advised former vice president Dick Cheney on the Middle East.
Yet the United States has not previously used hacking and information operations as a tool to shame adversaries -- or at least, it hasn't publicly acknowledged releasing hacked information about other leaders in the way the researchers describe. Doing so would mark a major escalation from typical U.S. responses to hacking campaigns, which have focused on escalating sanctions, indictments and calling out foreign government-backed hackers on the world stage.
Those diplomatic and law enforcement responses have the benefit of giving the United States a clear moral high ground about what is and isn't acceptable in cyberspace.
But they haven't actually deterred U.S. adversaries from playing dirtier, the researchers note. With Russian, Chinese, Iranian and North Korean hackers unbowed two years after Russian hacking upended the 2016 elections, it’s time for a bolder response, Fixler and Maxwell told me.
Hacking and releasing compromising information about adversary nations' leaders plays into U.S. adversaries' weaknesses, Fixler and Maxwell told me. Unlike U.S. citizens, Russians, Chinese and Iranians aren’t used to a free press that publishes lots of detailed and often embarrassing information about their leaders, they said.
“We can use that to our advantage by providing more information to their public about corruption, about where their leaders have money, things that can be very damaging for authoritarian countries,” Fixler told me.
That idea carries its own set of dangers, cautions Chris Painter, the former State Department cyber coordinator under former president Obama who’s now a fellow at Stanford University’s Center for International Security and Cooperation — especially if the United States falls into a tit-for-tat exchange releasing hacked information with a far more unscrupulous adversary.
“The worry is you have this escalating cycle with false and manipulated information that Russia has shown a great proclivity and ability to use,” Painter said. “But, on the other hand, they’re using it anyway, so we need to counter that.”
U.S. officials should make clear that the ultimate goal of any information operation is to make cyberspace more peaceful rather than simply to punch back in anger, Painter said. “You need to communicate very clearly that we’re using these tools and we’ll stop using them when you stop what you’re doing,” he told me.
Still, the idea of using information operations against adversaries is not a novel concept. U.S. intelligence officials considered but rejected such a plan to release damaging information about Russian officials, including bank account data, in response to Russia’s release of Democratic political emails before the 2016 election, according to a New Yorker report. And similar plans were widely discussed by analysts outside government after the election.
Fixler and Maxwell aren’t advocating releasing false or misleading information like Kremlin operatives did before the 2016 elections, they were quick to note.
They also don’t want the United States to abandon other methods of punishing adversaries that hack U.S. targets and launch disinformation campaigns, such as sanctions and indictments targeting companies and individuals that benefit from those operations.
But, so far, those methods have done little to change the willingness of Russia, China and Iran to hack U.S. targets or to engage in disinformation operations.
Just Thursday, in fact, Facebook and Twitter removed thousands of malicious accounts originating from Russia, Iran and Venezuela that spread false information about the 2018 U.S. election. On Wednesday, special counsel Robert S. Mueller III’s team revealed a Russian disinformation effort using documents the team shared with a Russian company that it had indicted on a charge of 2016 disinformation operations.
“What we’re saying is that, to date, [U.S. adversaries] haven’t felt the pain and we need to demonstrate that there’s a real cost to these actions that will change their calculations,” Fixler told me.
Correction: A previous version of this story cited outdated funding information for the Foundation for the Defense of Democracies. Casino magnate Sheldon Adelson is no longer a donor.
PINGED: First in The Cybersecurity 202: A bipartisan pair of senators wants to make the Department of Homeland Security's cyber response teams that defend government's computer networks against malicious hackers a permanent division enshrined in law. Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio) today are reintroducing a bill that would make DHS's “cyber hunt” and “cyber incident response” teams permanent. Under the legislation, the government's cyber professionals would also be tasked with helping the private sector restore computer services after major hacks.
“By encouraging the private sector and the Department of Homeland Security’s cyber response teams to work together, this legislation will foster collaboration between the best minds in the field of cybersecurity to help fend off cyberattacks and protect vital infrastructure,” Hassan said in a statement. The bill would also make cyber teams responsible for developing strategies to prevent cyberattacks and suggesting cybersecurity improvements to the private sector.
PATCHED: Another bipartisan pair of lawmakers is pushing cybersecurity legislation in the Senate that seeks to bolster the defenses of America's pipelines against cyberattacks. Sens. John Cornyn (R-Tex.) and Martin Heinrich (D-N.M.) introduced a bill that would direct the Energy Department to launch a program aiming to ensure that natural gas pipelines, hazardous liquid pipelines and liquefied natural gas facilities are secure and resilient against cyber strikes.
“Foreign adversaries are trying to infiltrate our critical energy infrastructure, and it’s imperative that we’re prepared for potential attacks on our energy systems,” Cornyn said in a statement.
The “Pipeline and LNG Facility Cybersecurity Preparedness Act” would direct the energy secretary to coordinate responses to physical and cybersecurity incidents that affect the energy sector. The secretary would also be tasked with implementing programs to train workers about cybersecurity and physical security.
PWNED: Russian hackers targeted the Center for Strategic and International Studies think tank, the Daily Beast's Kevin Poulsen reported. The hacking group known as Fancy Bear used several fake websites and a mail server that imitated the Washington-based think tank's systems, according to a court filing by Microsoft, which is authorized by a court injunction to help other organizations prevent Fancy Bear attacks. Russian hackers previously attacked CSIS in 2016.
Microsoft seized four of the phony CSIS domains in December, Poulsen reported. "CSIS is under consistent cyber-attack from a variety of state actors,” Andrew Schwartz, chief communications officer for CSIS, told Poulsen. “We spotted this incident immediately and were able to work with Microsoft to put a stop to it.”
Microsoft's injunction allows the company to seize domain names that Russian hackers have registered if the address runs afoul of a Microsoft trademark, according to the Daily Beast. Fancy Bear, which was also responsible for hacking campaigns surrounding the U.S. and European elections, is linked to the Russian military intelligence agency known as the GRU.
— The U.S. ambassador to the European Union said there is classified evidence to back up concerns about security issues related to Chinese telecommunications giant Huawei's products, Reuters's Foo Yun Chee and Robert Muller reported. “There is a lot of evidence, most of it classified,” Gordon Sondland, the U.S. envoy, told Reuters. U.S. officials have said Huawei could be used as a platform for Chinese spying.
Washington wants people to use Western products instead of Huawei technology, Sondland said. “The U.S. is very supportive of discouraging the purchase of any Chinese digital products that involve potential national security implications and steering people away from Huawei into Western products is our desired outcome,” he told Reuters.
— Twitter said some disinformation efforts in the run-up to the 2018 midterm election employed tactics that are similar to those used by the Russian troll farm Internet Research Agency, The Washington Post's Tony Romm reported. Twitter removed thousands of malicious accounts believed to originate in Iran, Russia and Venezuela for carrying out disinformation efforts including around the 2018 midterms, the company said. “In contrast to 2016, we identified much less platform manipulation from bad-faith actors located abroad,” Carlos Monje Jr., director of public policy and philanthropy for the United States and Canada at Twitter, wrote in a blog post.
Twitter said it took down 764 accounts originating in Venezuela that imitated Russian disinformation methods. “The company said it removed a majority of these accounts by November 2017, but nearly a quarter of more recently created accounts tweeted 50,000 times about the 2018 midterm election,” Tony reported. Facebook also said it removed 783 accounts, pages and groups “for engaging in coordinated inauthentic behavior tied to Iran.”
I asked Facebook's Gleicher, who's speaking with reporters, if Facebook also has noticed inauthentic activity in/originating in Venezuela. Gleicher: Twitter shared info, they're investigating and "we'll come back when we have something to announce." — Tony Romm (@TonyRomm) January 31, 2019
That ain't a no, my friends. https://t.co/fxm1eVoghY
— While law enforcement officials generally advise ransomware victims not to pay hackers who are holding their data hostage, some corporate lawyers say small and medium-sized companies should not dismiss that option outright, CyberScoop’s Jeff Stone reported. “I would say, if it’s [a] small amount, pay it,” Mark Knepshield, a senior vice president at insurer McGriff, Seibels and Williams, said at the Legalweek conference in New York, according to CyberScoop. “It’s likely just [to] be the easiest way out of your situation.”
- BSidesPhilly cybersecurity conference in Philadelphia.
- B-Sides Tampa cybersecurity conference in Tampa tomorrow.